Method for negotiating security capability when terminal moves

ABSTRACT

Methods of security negotiation for idle state mobility from a first network to a long term evolution (LTE) network are disclosed. In one embodiment, a service general packet radio service (GPRS) support node (SGSN) of the first network transmits an authentication vector-related key to a mobility management entity (MME). A user equipment (UE) sends its security capabilities including non-access stratum (NAS) security capabilities to the MME. The MME selects a NAS security algorithm, in accordance with the NAS security capabilities of the UE, and sends a message that indicates the selected NAS security algorithm to the UE. The MME also derives, in accordance with the selected NAS security algorithm, a NAS protection key from an authentication vector-related key so as to security communication between the UE and the LTE network.

This application is a continuation of U.S. patent application Ser. No.14/873,504, filed on Oct. 2, 2015, which is a continuation of U.S.patent application Ser. No. 14/303,146, filed on Jun. 12, 2014, which isa continuation of U.S. patent application Ser. No. 14/147,179, filed onJan. 3, 2014, now U.S. Pat. No. 8,812,848, which is a continuation ofU.S. patent application Ser. No. 12/633,948, filed on Dec. 9, 2009, nowU.S. Pat. No. 8,656,169, which is a continuation of InternationalApplication No. PCT/CN2008/072165, filed on Aug. 27, 2008, which claimspriorities of Chinese Patent Application No. 200710145703.3, filed onAug. 31, 2007 and Chinese Patent Application No. 200710151700.0, filedon Sep. 26, 2007, all of which are hereby incorporated by reference intheir entireties.

TECHNICAL FIELD

The present disclosure relates to the field of wireless communicationtechnology, and more particularly to a method for negotiating a securitycapability when a terminal moves.

BACKGROUND

A wireless network includes a radio access network and a core network. Acore network of a long term evolution (LTE) wireless network includes anMME. The MME has functions similar to those of a service general packetradio service (GPRS) support node (SGSN) of a second/third generation(2G/3G) network, and is mainly responsible for mobility management anduser authentication. When a UE is in an idle state in a 2G/3G or LTEwireless network, the UE needs to respectively negotiate a non-accessstratum (NAS) security capability with the SGSN or the MME. The securitycapability includes an NAS signaling encryption algorithm, acorresponding NAS integrity protection key Knas-int, an NAS integrityprotection algorithm, and a corresponding NAS confidentiality protectionkey Knas-enc, which are used for signaling transmission between the UEand a system, thereby ensuring the normal receiving of the UE signalingand the security of the communication system.

When the UE accessing a 2G global system for mobile communications (GSM)edge radio access network (GERAN) or a 3G universal mobiletelecommunications system (UMTS) terrestrial radio access network(UTRAN) moves in the idle state, the UE may move to a tracking area ofan LTE radio access network, and thus the UE may access the networkagain through the LTE. At this time, a tracking area update (TAU)procedure occurs, that is, a TAU procedure between heterogeneousnetworks occurs. During the procedure, since the entity performingsecurity capability negotiation for the UE changes, for example, fromthe SGSN to the MME, and the entities may have different securitycapabilities, the security capability negotiation procedure needs to beperformed again, so as to ensure the security of subsequent interactionbetween the UE and the network. It should be noted that, for the LTEnetwork, the security capability negotiation includes negotiation of anNAS confidentiality protection algorithm and an NAS integrity protectionalgorithm, a radio resource control (RRC) confidentiality protectionalgorithm and an RRC integrity protection algorithm, and a user plane(UP) confidentiality protection algorithm.

For the TAU procedure initiated by the UE in the idle state, thenegotiation of the NAS confidentiality protection algorithm, the NASintegrity protection algorithm, and the corresponding NAS protectionkeys need to be solved.

During the implementation of the present disclosure, the inventor foundthat, no method for negotiating the security capability during the TAUprocedure between the heterogeneous networks can be found in the priorart, so that when the UE moves from the 2G/3G network to the LTEnetwork, the security capability negotiation cannot be performed,resulting in that the security of subsequent interaction between the UEand the network cannot be ensured.

SUMMARY OF THE DISCLOSURE

In one embodiment of the present disclosure, a method of securitynegotiation for idle state mobility from a first network to a long termevolution (LTE) network is disclosed. This method includes transmittingan authentication vector-related key from a service general packet radioservice (GPRS) support node (SGSN) of the first network to a mobilitymanagement entity (MME) included in the LTE network, receiving by theMME security capabilities of a user equipment (UE) including non-accessstratum (NAS) security capabilities of the UE from the UE. In addition,this method further includes selecting by the MME a NAS securityalgorithm supported by the NAS security capabilities of the UE, sendingby the MME a message that indicates the selected NAS security algorithmto the UE, and deriving by the MME a NAS protection key with theselected NAS security algorithm from the authentication vector-relatedkey.

In another embodiment of the present disclosure, a method of securitynegotiation for idle state mobility from a first network to a long termevolution (LTE) network is disclosed. This method includes transmittingan authentication vector-related key from a service general packet radioservice (GPRS) support node (SGSN) in the first network to a mobilitymanagement entity (MME). In addition, this method includes receivingsecurity capabilities of a user equipment (UE) including non-accessstratum (NAS) security capabilities of the UE from the UE, selecting aNAS security algorithm supported by the NAS security capabilities of theUE, sending a message that indicates the selected NAS security algorithmto the UE, and deriving a NAS protection key with the selected NASsecurity algorithm from the authentication vector-related key.

The foregoing has outlined rather broadly the features and technicaladvantages of the present disclosure in order that the detaileddescription of the disclosure that follows may be better understood.Additional features and advantages of the disclosure will be describedhereinafter which form the subject of the claims of the disclosure. Itshould be appreciated by those skilled in the art that the conceptionand specific embodiment disclosed may be readily utilized as a basis formodifying or designing other structures or processes for carrying outthe same purposes of the present disclosure. It should also be realizedby those skilled in the art that such equivalent constructions do notdepart from the spirit and scope of the disclosure as set forth in theappended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow chart of a method, according to a first embodiment ofthe present disclosure, for negotiating a security capability when aterminal moves;

FIG. 2 is a flow chart of a method, according to a second embodiment ofthe present disclosure, for negotiating a security capability when aterminal moves;

FIG. 3 is a flow chart of a method, according to a third embodiment ofthe present disclosure, for negotiating a security capability when aterminal moves; and

FIG. 4 is a structural view of a system, according to an embodiment ofthe present disclosure, for negotiating a security capability when aterminal moves.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

In a method for negotiating a security capability when a terminal movesprovided in the embodiments of the present disclosure, when a UE movesfrom a 2G/3G network to an LTE network, an MME receives a TAU requestmessage sent from the UE, and acquires an NAS security algorithmsupported by the UE, and an authentication vector-related key or a rootkey derived according to the authentication vector-related key. Then,the MME selects an NAS security algorithm according to the NAS securityalgorithm supported by the UE, derives an NAS protection key accordingto the authentication vector-related key or the root key derivedaccording to the authentication vector-related key, and sends a messagecarrying the selected NAS security algorithm to the UE. The UE derivesan NAS protection key according to an authentication vector-related key.

The embodiments of the present disclosure are illustrated in detailbelow with reference to specific embodiments and the accompanyingdrawings.

It is assumed that a UE has accessed a UTRAN/GERAN when being in an idlestate. In this case, when moving to a tracking area of an LTE network,the UE initiates a TAU procedure.

FIG. 1 is a flow chart of a method, according to a first embodiment ofthe present disclosure, for negotiating a security capability when aterminal moves. Referring to FIG. 1, the method includes the followingsteps.

In step 100, a UE sends a TAU request to an MME.

In this step, the UE sends the TAU request to a new MME through anevolved Node B (eNB) of an LTE radio access network. For the convenienceof description, communication between the UE and the MME through the eNBis simplified to communication between the UE and the MME in thefollowing description.

The TAU request sent from the UE to the MME in this step not onlycarries some parameters such as a temporary mobile subscriber identity(TMSI) known to persons skilled in the art, but may also carry securitycapability information supported by the UE. The security capabilityinformation includes an NAS security algorithm (an NAS integrityprotection algorithm and/or an NAS confidentiality protectionalgorithm), and may also include an RRC security algorithm (an RRCintegrity protection algorithm and/or an RRC confidentiality protectionalgorithm) or a UP security algorithm (a UP confidentiality protectionalgorithm).

In steps 101-102, the MME acquires an NAS security algorithm supportedby the UE, and sends a mobility management context request message to anSGSN. After receiving the message, the SGSN sends a mobility managementcontext response message carrying an authentication vector-related keyto the MME.

If in step 100, the UE does not carry the NAS security algorithmsupported by the UE in the TAU request sent to the MME, after receivingthe mobility management context request message, the SGSN queries theNAS security algorithm supported by the UE, and carries the queried NASsecurity algorithm supported by the UE in the mobility managementcontext response message sent to the MME. The NAS security algorithm isthe NAS integrity protection algorithm and/or the NAS confidentialityprotection algorithm.

When the UE moves from the 2G network to the tracking area of the LTEnetwork, the SGSN in the above process is an SGSN of the 2G network, andthe authentication vector-related key at least includes an encryptionkey Kc, or a value Kc′ obtained after a unidirectional conversion isperformed on the Kc. When the UE moves from the 3G network to thetracking area of the LTE network, the SGSN in the above process is anSGSN of the 3G network, and the authentication vector-related key atleast includes an integrity key IK and an encryption key CK, or valuesIK′ and CK′ after a unidirectional conversion is performed on the IK andthe CK.

The unidirectional conversion refers to a conversion procedure in whichan original parameter is converted by using a certain algorithm toobtain a target parameter, but the original parameter cannot be derivedaccording to the target parameter. For example, for the Kc, if the Kc′is obtained by using an algorithm f(Kc), but the Kc cannot be derivedaccording to the Kc′ by using any inverse algorithm, the conversion isthe unidirectional conversion.

In step 103, the MME selects a new NAS security algorithm, according tothe NAS security algorithm supported by the UE and an NAS securityalgorithm supported by the MME as well as an NAS security algorithmallowed by the system, derives a root key Kasme according to theauthentication vector-related key, and then derives an NAS protectionkey according to the Kasme. The NAS protection key includes an NASintegrity protection key Knas-int and/or an NAS confidentialityprotection key Knas-enc.

In step 104, the MME generates a TAU accept message carrying theselected NAS security algorithm.

In this step, the MME may further perform an NAS integrity protection onthe TAU accept message. For example, the MME derives a value of amessage authentication code of the NAS integrity protection (NAS-MAC)according to the NAS integrity protection key Knas-int derived in step103, information in the TAU accept, and the NAS integrity protectionalgorithm in the selected NAS security algorithm, and then carries thevalue in the TAU accept message, and sends the TAU accept message to theUE.

The TAU accept message in this step may further carry securitycapability information supported by the UE.

In step 105, the UE receives the TAU accept message carrying the NASsecurity algorithm selected by the MME, and acquires the negotiated NASsecurity algorithm; and then derives a root key Kasme according to acurrent authentication vector-related key thereof (for example, the IKand the CK, or the IK′ and the CK′ derived according to the IK and theCK when the originating network is the 3G, or the Kc or the Kc′ derivedaccording to the Kc when the originating network is the 2G), and derivesan NAS protection key according to the root key. The NAS protection keyincludes the NAS integrity protection key Knas-int and/or the NASconfidentiality protection key Knas-enc.

In this step, the UE may further detect whether the integrity protectionperformed on the TAU accept message is correct. If not, it is determinedthat the current security capability negotiation fails, and the securitycapability negotiation procedure may be initiated again. For example,the UE derives an NAS-MAC according to the derived NAS confidentialityprotection key Knas-enc, the information in the TAU accept, and the NASintegrity protection algorithm carried in the TAU accept message, andthen compares whether the derived NAS-MAC is the same as the NAS-MACcarried in the TAU accept message. If yes, it indicates that the messageis not modified during transmission; otherwise, it is deemed that themessage is modified during transmission, and it is thus determined thatthe current security capability negotiation fails.

If in step 104, the TAU accept message further carries the securitycapability information supported by the UE, in this step, the UE mayfurther compare the security capability information supported by the UEand carried in the TAU accept message with security capabilityinformation stored therein. If the two are consistent with each other,it is determined that no degradation attack occurs; otherwise, it isdetermined that a degradation attack occurs, and that the currentsecurity capability negotiation fails, and the security capabilitynegotiation procedure may be initiated again, thereby preventing thedegradation attack.

For the degradation attack, it is assumed that the UE supports twosecurity algorithms at the same time, namely, a high strength algorithmA1 and a low strength algorithm A2, and the MME also supports the twoalgorithms. In this manner, the high strength algorithm A1 should benegotiated between the UE and the MME. However, if in a path along whichthe UE sends the security capability information supported by the UE tothe MME, an attacker modifies the security capability information of theUE, for example, only the low strength algorithm A2 is maintained, orwhen the MME selects the NAS security algorithm, the security capabilityinformation supported by the UE is modified by the attacker, and onlythe low strength algorithm A2 is maintained, the MME can only select andsend the low strength algorithm A2 to the UE. That is, the low strengthalgorithm A2, rather than the high strength algorithm A1, is obtainedthrough the negotiation between the UE and the MME, so that the attackermay perform an attack more easily, which is the so-called degradationattack. In an embodiment of the present disclosure, the MME sends thesecurity capability information supported by the UE to the UE, and theUE detects whether the security capability information supported by theUE is consistent with the security capability information supported bythe UE, thereby detecting and further preventing the degradation attack.

The procedure that the MME finally derives the NAS protection keyaccording to the authentication vector-related key in step 103 is notlimited to any time sequence with respect to step 104 and step 105, andthe procedure may be performed before step 104, or between step 104 andstep 105, or after step 105.

In the above process, the MME and the UE may also directly derive theNAS protection key according to the authentication vector-related keywithout deriving the root key and then deriving the NAS protection keyaccording to the root key.

It should be understood by persons skilled in the art that, in the aboveprocess, a derivation method used by the UE to derive the NAS protectionkey according to the authentication vector-related key must be the sameas that used by the network side to derive the NAS protection keyaccording to the authentication vector-related key. The derivationmethod may adopt any unidirectional conversion, for example, Kasme=f(IK,CK, other parameters), Knas-enc=f(Kasme, NAS confidentiality protectionalgorithm, other parameters), and Knas-int=f(Kasme, NAS integrityprotection algorithm, other parameters).

In addition, in order to highlight this embodiment of the presentdisclosure, procedures that are not related to the security are omittedbetween steps 102 and 104 in the above process.

Through the above process, the UE and the MME can share the NAS securityalgorithm and the NAS protection key, thereby implementing thenegotiation of the NAS security capability.

FIG. 2 is a flow chart of a method, according to a second embodiment ofthe present disclosure, for negotiating a security capability when aterminal moves. Referring to FIG. 2, the method includes the followingsteps.

Step 200 is the same as step 100, so description thereof is omittedhere.

In steps 201-203, the MME acquires an NAS security algorithm supportedby the UE, and sends a context request message to an SGSN. Afterreceiving the context request message, the SGSN derives a root keyaccording to an authentication vector-related key thereof, and thensends a context response message carrying the root key to the MME.

In other embodiments of the present disclosure, if in step 200, the UEdoes not carry the NAS security algorithm supported by the UE in the TAUrequest sent to the MME, after receiving the mobility management contextrequest message, the SGSN queries the NAS security algorithm supportedby the UE, and carries the queried NAS security algorithm supported bythe UE in the mobility management context response message sent to theMME. The NAS security algorithm is the NAS integrity protectionalgorithm and/or the NAS confidentiality protection algorithm.

When the UE moves from the 2G network to the tracking area of the LTEnetwork, the SGSN in the above process is an SGSN of the 2G network, andthe root key is the root key Kasme derived by the SGSN according to theKc or the Kc′ obtained after the unidirectional conversion is performedon the Kc. When the UE moves from the 3G network to the tracking area ofthe LTE network, the SGSN in the above process is an SGSN of the 3Gnetwork, and the root key is the Kasme derived by the SGSN according tothe IK and the CK, or the IK′ and the CK′ after the unidirectionalconversion is performed on the IK and the CK.

In step 204, the MME selects a new NAS security algorithm, according tothe NAS security algorithm supported by the UE and an NAS securityalgorithm supported by the MME as well as an NAS security algorithmallowed by the system; and then derives an NAS protection key accordingto the root key. The NAS protection key includes an NAS integrityprotection key Knas-int and/or an NAS confidentiality protection keyKnas-enc.

In step 205, the MME generates a TAU accept message carrying theselected NAS security algorithm.

In this step, the MME may further perform an NAS integrity protection onthe TAU accept message. The TAU accept message in this step may furthercarry security capability information supported by the UE.

In step 206, the UE receives the TAU accept message carrying the NASsecurity algorithm selected by the MME, and acquires the negotiated NASsecurity algorithm; and then derives a root key Kasme according to acurrent authentication vector-related key (for example, the IK and theCK, or the IK′ and the CK′ derived according to the IK and the CK whenthe originating network is the 3G, or the Kc or the Kc′ derivedaccording to the Kc when the originating network is the 2G), and derivesan NAS protection key according to the root key. The NAS protection keyincludes the NAS integrity protection key Knas-int and/or the NASconfidentiality protection key Knas-enc.

In this step, the UE may further detect whether the integrity protectionperformed on the TAU accept message is correct. If not, it is determinedthat the current security capability negotiation fails, and the securitycapability negotiation procedure may be initiated again.

In other embodiments of the present disclosure, if in step 205, the TAUaccept message further carries the security capability informationsupported by the UE, in this step, the UE may further compare thesecurity capability information supported by the UE carried in the TAUaccept message with security capability information supported by the UE.If the two are consistent with each other, it is determined that nodegradation attack occurs; otherwise, it is determined that adegradation attack occurs, and that the current security capabilitynegotiation fails, and the security capability negotiation procedure maybe initiated again, thereby preventing the degradation attack.

In other embodiments of the present disclosure, the procedure that theMME derives the NAS protection key according to the root key in step 204is not limited to any time sequence with respect to step 205 and step206, and the procedure may be performed before step 205, or between step205 and step 206, or after step 206.

It should be understood by persons skilled in the art that, in the aboveprocess, a derivation method used by the UE to derive the NAS protectionkey according to the authentication vector-related key must be the sameas that used by the network side to derive the NAS protection keyaccording to the authentication vector-related key.

Through the above process, the UE and the MME can share the NAS securityalgorithm and the NAS protection key, thereby implementing thenegotiation of the NAS security capability.

FIG. 3 is a flow chart of a method, according to a third embodiment ofthe present disclosure, for negotiating a security capability when aterminal moves. Referring to FIG. 3, the method includes the followingsteps.

Step 300 is the same as step 100, so description thereof is omittedhere.

In steps 301-302, the MME acquires an NAS security algorithm supportedby the UE from an SGSN through mobility management context request andresponse messages.

In other embodiments of the present disclosure, if in step 300, the UEdoes not carry the NAS security algorithm supported by the UE in the TAUrequest sent to the MME, after receiving the mobility management contextrequest message, the SGSN queries the NAS security algorithm supportedby the UE, and carries the queried NAS security algorithm supported bythe UE in the mobility management context response message sent to theMME. The NAS security algorithm is the NAS integrity protectionalgorithm and/or the NAS confidentiality protection algorithm.

In step 303, the MME acquires a root key Kasme derived according to anauthentication vector-related key from a home subscriber server (HSS)through an authentication and key agreement (AKA) procedure.

In step 304, the MME selects a new NAS security algorithm, according tothe NAS security algorithm supported by the UE and an NAS securityalgorithm supported by the MME as well as and an NAS security algorithmallowed by the system; and then derives other NAS protection keysaccording to the Kasme. The NAS protection keys include an NAS integrityprotection key Knas-int and an NAS confidentiality protection keyKnas-enc.

In step 305, the MME generates and sends to the UE an NAS security modecommand (SMC) request message carrying the selected NAS securityalgorithm. The SMC request message may be carried in a TAU acceptmessage.

In this step, the MME may further perform an NAS integrity protection onthe SMC accept message. For example, the MME derives a value of anmessage authentication code of the NAS integrity protection (NAS-MAC)according to the NAS integrity protection key Knas-int derived in step304, information in the SMC request message, and the NAS integrityprotection algorithm in the selected NAS security algorithm, and thencarries the value in the SMC request message, and sends the SMC requestmessage to the UE.

The SMC request message in this step may further carry securitycapability information supported by the UE.

In step 306, the UE receives the SMC request message carrying the NASsecurity algorithm selected by the MME, and acquires the NAS securityalgorithm supported by the UE and selected by the MME; and then derivesa root key according to a current authentication vector-related keyobtained in an AKA procedure thereof, and derives an NAS protection keyaccording to the root key. The NAS protection key includes the NASintegrity protection key Knas-int and the NAS confidentiality protectionkey Knas-enc.

In this embodiment, in this step, the UE may further detect whether theintegrity protection performed on the TAU accept message is correct. Ifnot, it is determined that the current security capability negotiationfails, and the security capability negotiation procedure may beinitiated again. For example, the UE derives an NAS-MAC according to thederived NAS confidentiality protection key Knas-enc, the information inthe TAU accept message, and the NAS integrity protection algorithmcarried in the TAU accept message, and then compares whether the derivedNAS-MAC is the same as the NAS-MAC carried in the TAU accept message. Ifyes, it indicates that the message is not modified during transmission;otherwise, it is deemed that the message is modified duringtransmission, and it is thus determined that the current securitycapability negotiation fails.

In other embodiments of the present disclosure, if in step 305, the SMCrequest message further carries the security capability informationsupported by the UE, in this step, the UE may further compare thesecurity capability information supported by the UE and carried in theSMC request message with security capability information supported bythe UE. If the two are consistent with each other, it is determined thatno degradation attack occurs; otherwise, it is determined that adegradation attack occurs, and that the current security capabilitynegotiation fails, and the security capability negotiation procedure maybe initiated again, thereby preventing the degradation attack.

In step 307, the UE sends an SMC complete response message to the MME.The SMC complete response message may be carried in a TAU completemessage.

In step 308, the MME returns a TAU accept message.

In other embodiments of the present disclosure, when the SMC requestmessage is sent to the UE by carrying the SMC request message in the TAUaccept message in step 305, step 308 is combined with step 305.

In step 309, the UE returns a TAU complete message.

In other embodiments of the present disclosure, when the SMC completeresponse message is carried in the TAU complete message in step 307,step 309 is combined with step 307.

Through the above process, the negotiation of the NAS securitycapability is implemented.

Persons of ordinary skill in the art should understand that all or apart of the steps in the method according to the embodiments of thepresent disclosure may be implemented by a program instructing relevanthardware, and the program may be stored in a computer readable storagemedium, such as a read-only memory (ROM)/random access memory (RAM), amagnetic disk, or an optical disk.

FIG. 4 is a structural view of a system, according to an embodiment ofthe present disclosure, for negotiating a security capability when aterminal moves. Referring to FIG. 4, the system includes a UE and anMME.

The UE is adapted to send a TAU request message to the MME, receive amessage carrying a selected NAS security algorithm sent from the MME,and derive an NAS protection key according to an authenticationvector-related key.

The MME is adapted to: receive the TAU request message sent from the UE;acquire an authentication vector-related key or a root key derivedaccording to the authentication vector-related key, and an NAS securityalgorithm supported by the UE; select an NAS security algorithmaccording to the NAS security algorithm supported by the UE, andgenerate and send a message carrying the selected NAS security algorithmto the UE; and derive an NAS protection key according to the acquiredauthentication vector-related key or the root key derived according tothe authentication vector-related key.

In the system, the MME further acquires security capability informationsupported by the UE, and further carries the security capabilityinformation supported by the UE in the message carrying the selected NASsecurity algorithm sent to the UE, and the UE further determines whethera degradation attack occurs by determining whether the securitycapability information supported by the UE and sent from the MME isconsistent with security capability information supported by the UE.

Specifically, the MME includes an acquisition module, a selectionmodule, and a key derivation module.

The acquisition module is adapted to receive the TAU request messagesent from the UE, acquire the authentication vector-related key or theroot key derived according to the authentication vector-related key, andthe NAS security algorithm supported by the UE. The selection module isadapted to select the NAS security algorithm according to the NASsecurity algorithm supported by the UE and acquired by the acquisitionmodule, generate and send the message carrying the selected NAS securityalgorithm to the UE. The key derivation module is adapted to derive theNAS protection key, according to the authentication vector-related keyor the root key derived according to the authentication vector-relatedkey acquired by the acquisition module, and the selected NAS securityalgorithm.

The acquisition module further acquires the security capabilityinformation supported by the UE, and the selection module furthercarries the security capability information supported by the UE andacquired by the acquisition module in the message carrying the selectedNAS security algorithm.

The UE includes an updating module, a key derivation module, a storagemodule, and a detection module.

The updating module is adapted to send the TAU request message carryingthe security capability information supported by the UE and stored inthe storage module to the MME, and receive the message carrying theselected NAS security algorithm sent from the MME. The key derivationmodule is adapted to derive the NAS protection key according to theauthentication vector-related key and the selected NAS securityalgorithm received by the updating module. The storage module is adaptedto store the security capability information supported by the UE. Thedetection module is adapted to determine that a degradation attackoccurs when detecting that the security capability information supportedby the UE and received from the MME is inconsistent with the securitycapability information supported by the UE and stored in the storagemodule. The message carrying the selected NAS security algorithm sentfrom the MME further carries security capability information supportedby the UE.

It can be seen from the above description that, in the technicalsolutions provided in embodiments of the present disclosure, the MMEreceives the TAU request message sent from the UE, and acquires the NASsecurity algorithm supported by the UE and the authenticationvector-related key or the root key derived according to theauthentication vector-related key; and then selects the NAS securityalgorithm according to the NAS security algorithm supported by the UE,and generates and sends the message carrying the selected NAS securityalgorithm to the UE, thereby enabling the UE and the MME to share theNAS security algorithm. In addition, the UE and the MME derive the NASprotection key according to the authentication vector-related key or theroot key derived according to the authentication vector-related key,thereby enabling the MME and the UE to share the NAS protection key. Inthis way, when moving from the 2G/3G network to the LTE network, the UEcan negotiate the NAS security algorithm and the NAS protection key withthe MME, so that the security capability negotiation process in the TAUprocedure between the heterogeneous networks is achieved, therebyensuring the security of subsequent interaction between the UE and thenetwork.

Through the present disclosure, the degradation attack can be furtherprevented. The MME also returns the security capability informationsupported by the UE through the TAU accept message, and the UE detectswhether the security capability information supported by the UE isconsistent with the current security capability information supported bythe UE. If yes, the current security capability negotiation succeeds,and the NAS security algorithm and the NAS protection key obtainedthrough the negotiation can be used. If not, it is determined that adegradation attack occurs, the current security capability negotiationfails, and the security capability negotiation needs to be performedagain. Through the above solutions, it can be detected whether thesecurity capability information supported by the UE is attacked beforethe MME acquires the security capability information supported by theUE, thereby preventing the degradation attack and ensuring the securityof subsequent interaction between the UE and the network.

In one embodiment, the present disclosure is directed to a method fornegotiating a security capability when a terminal moves, so that whenmoving from a 2G/3G network to an LTE network, a UE in an idle state cannegotiate a security capability.

In another embodiment, the present disclosure is further directed to asystem for negotiating a security capability when a terminal moves, sothat when moving from a 2G/3G network to an LTE network, a UE in an idlestate can negotiate a security capability.

In yet another embodiment, the present disclosure is further directed toan MME, so that when moving from a 2G/3G network to an LTE network, a UEin an idle state can negotiate a security capability.

In yet another embodiment, the present disclosure is further directed toa UE device, so that when moving from a 2G/3G network to an LTE network,a UE in an idle state can negotiate a security capability.

In yet another embodiment, a method for negotiating a securitycapability when a terminal moves is provided, which includes thefollowing steps. An MME receives a TAU request message sent from a UE,and acquires an NAS security algorithm supported by the UE, and anauthentication vector-related key or a root key derived according to theauthentication vector-related key. The MME selects an NAS securityalgorithm according to the NAS security algorithm supported by the UE,derives an NAS protection key according to the authenticationvector-related key or the root key, and sends a message carrying theselected NAS security algorithm to the UE. The UE derives an NASprotection key according to an authentication vector-related keythereof.

In yet another embodiment, a system for negotiating a securitycapability when a terminal moves is provided, which includes a UE and anMME. The UE is configured to send a TAU request message to the MME,receive a message carrying a selected NAS security algorithm sent fromthe MME, and derive an NAS protection key according to an authenticationvector-related key. The MME is configured to: receive the TAU requestmessage sent from the UE; acquire an authentication vector-related keyor a root key derived according to the authentication vector-relatedkey, and an NAS security algorithm supported by the UE; select an NASsecurity algorithm according to the NAS security algorithm supported bythe UE, and generate and send a message carrying the selected NASsecurity algorithm to the UE; and derive an NAS protection key accordingto the acquired authentication vector-related key or the root key.

In yet another embodiment, an MME is provided, which includes anacquisition module, a selection module, and a key derivation module. Theacquisition module is configured to receive a TAU request message sentfrom a UE, acquire an authentication vector-related key or a root keyderived according to the authentication vector-related key, and an NASsecurity algorithm supported by the UE. The selection module isconfigured to select an NAS security algorithm according to the NASsecurity algorithm supported by the UE and acquired by the acquisitionmodule, generate a message carrying the selected NAS security algorithm,and send the message to the UE. The key derivation module is configuredto derive an NAS protection key according to the authenticationvector-related key or the root key derived according to theauthentication vector-related key acquired by the acquisition module,and the NAS security algorithm selected by the selection module.

In yet another embodiment, a UE is provided, which includes an updatingmodule, a key derivation module, a storage module, and a detectionmodule. The updating module is configured to send to an MME a TAUrequest message carrying security capability information supported bythe UE and stored in the storage module, and receive a message carryinga selected NAS security algorithm sent from the MME. The key derivationmodule is configured to derive an NAS protection key according to anauthentication vector-related key and the NAS security algorithmreceived by the updating module. The storage module is configured tostore the security capability information supported by the UE. Thedetection module is configured to determine that a degradation attackoccurs when detecting that security capability information supported bythe UE and received from the MME is inconsistent with the securitycapability information supported by the UE and stored in the storagemodule.

In yet another embodiment, the MME receives the TAU request message sentfrom the UE, and acquires the authentication vector-related key or theroot key derived according to the authentication vector-related key andthe NAS security algorithm supported by the UE; then selects the NASsecurity algorithm according to the NAS security algorithm supported bythe UE, generates a message carrying the selected NAS securityalgorithm, and sends the message to the UE, thereby enabling the UE andthe MME to share the NAS security algorithm. In addition, the MMEderives the NAS protection key according to the authenticationvector-related key or the root key derived according to theauthentication vector-related key, and the UE derives the NAS protectionkey according to the authentication vector-related key, thereby enablingthe MME and the UE to share the NAS protection key. In this way, whenmoving from the 2G/3G network to the LTE network, the UE can negotiatethe NAS security algorithm and the NAS protection key with the MME, sothat the security capability negotiation process in the TAU procedurebetween heterogeneous networks is achieved, thereby ensuring thesecurity of subsequent interaction between the UE and the network.

In addition, the present disclosure is also applicable to a securitycapability negotiation procedure when the UE moves within the LTEnetwork.

The above descriptions are merely preferred embodiments of the presentdisclosure, but not intended to limit the protection scope of thepresent disclosure. Any modification, equivalent replacement, andimprovement made without departing from the spirit and principle of thepresent disclosure fall within the protection scope of the presentdisclosure.

What is claimed is:
 1. A method of security negotiation for idle statemobility from a first network to a long term evolution (LTE) network,the method comprising: transmitting an authentication vector-related keyfrom a service general packet radio service (GPRS) support node (SGSN)of the first network to a mobility management entity (MME) included inthe LTE network; receiving, by the MME, security capabilities of a userequipment (UE) including non-access stratum (NAS) security capabilitiesof the UE from the UE; selecting, by the MME, a NAS security algorithmsupported by the NAS security capabilities of the UE; sending, by theMME, a message that indicates the selected NAS security algorithm to theUE; and deriving, by the MME, a NAS protection key with the selected NASsecurity algorithm from the authentication vector-related key.
 2. Themethod of claim 1, wherein the security capabilities is received througha tracking area update (TAU) request message.
 3. The method of claim 1,wherein the message that indicates the selected NAS security algorithmis a NAS security mode command message.
 4. The method of claim 1,wherein the message that indicates the selected NAS security algorithmis a tracking area update (TAU) accept message.
 5. The method of claim1, further comprising, before the sending the message that indicates theselected NAS security algorithm: protecting, by the MME, the messagethat indicates the selected NAS security algorithm, with the derived NASprotection key.
 6. The method of claim 1, wherein the first network is asecond generation (2G) network and the authentication vector-related keyincludes an encryption key (Kc).
 7. The method of claim 1, wherein thefirst network is a third generation (3G) network and the authenticationvector-related key includes an integrity key (1K) and an encryption key(CK).
 8. The method of claim 1, wherein the authenticationvector-related key is transmitted through a context response message. 9.The method of claim 2, wherein the first network is a second generation(2G) network and the authentication vector-related key includes anencryption key (Kc).
 10. The method of claim 2, wherein the firstnetwork is a third generation (3G) network and the authenticationvector-related key includes an integrity key (1K) and an encryption key(CK).
 11. The method of claim 2, wherein the message that indicates theselected NAS security algorithm is a NAS security mode command message.12. The method of claim 11, wherein the transmitting the authenticationvector-related key comprises transmitting the authenticationvector-related key through a context response message.
 13. The method ofclaim 12, further comprising, before the sending the message thatindicates the selected NAS security algorithm: protecting, by the MME,the message that indicates the selected NAS security algorithm, with thederived NAS protection key.
 14. The method of claim 13, wherein thefirst network is a second generation (2G) network and the authenticationvector-related key includes an encryption key (Kc).
 15. The method ofclaim 13, wherein the first network is a third generation (3G) networkand the authentication vector-related key includes an integrity key (1K)and an encryption key (CK).
 16. A method of security negotiation foridle state mobility from a first network to a long term evolution (LTE)network, the method comprising: transmitting an authenticationvector-related key from a service general packet radio service (GPRS)support node (SGSN) in the first network to a mobility management entity(MME); receiving, by the MME, security capabilities of a user equipment(UE) including non-access stratum (NAS) security capabilities of the UEfrom the UE; selecting, by the MME, a NAS security algorithm supportedby the NAS security capabilities of the UE; sending, by the MME, amessage that indicates the selected NAS security algorithm to the UE;and deriving, by the MME, a NAS protection key with the selected NASsecurity algorithm from the authentication vector-related key.
 17. Themethod of claim 16, wherein the security capabilities is receivedthrough a tracking area update (TAU) request message.
 18. The method ofclaim 16, wherein the message that indicates the selected NAS securityalgorithm is a NAS security mode command message.
 19. The method ofclaim 17, wherein the first network is a second generation (2G) networkand the authentication vector-related key includes an encryption key(Kc).
 20. The method of claim 17, wherein the first network is a thirdgeneration (3G) network and the authentication vector-related keyincludes an integrity key (1K) and an encryption key (CK).